Managing social network accessibility based on age

ABSTRACT

When a user having an age less than a threshold age (a child user) attempts to access an online service or perform actions using the online service, the online service obtains parental authorization from an additional user having a parental relationship to the user. The child user may identify the user having the parental relationship and the online service verifies the validity of the identified user&#39;s account, the age of the identified user, and/or a connection between the identified user and the child user having a parental relationship type. The online service may make these verifications based in part social and transactional information associated with the identified user&#39;s account. Upon successful verification, the online service allows the identified user to authorize account creation for the child user, and/or manage the account and actions of the child user.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. application Ser. No.13/687,867, filed Nov. 28, 2012, now allowed, which is incorporated byreference in its entirety. This application is related to U.S.application Ser. No. 12/858,403, filed Aug. 17, 2010, now U.S. Pat. No.8,671,453, issued on Mar. 11, 2014 which is incorporated by reference inits entirety.

BACKGROUND

This invention relates generally to social networking systems, and inparticular, to managing social networking system access based on userage.

Under certain government regulations, such as the Children's OnlinePrivacy Protection Act (COPPA), operators of social networking systemsand other online services that are directed towards children or that mayotherwise collect personal information from children are required toobtain parental consent for the collection, use, or disclosure of thechildren's personal information. Parental consent is also appropriatewhen children request access to social networking systems and/or otheronline services that contain mature content or are primarily directed toadults.

Conventionally, parental authorization can be obtained through methodssuch as requiring credit card information, contacting the parentdirectly (i.e., via mail or fax), or obtaining a parent's signature on aconsent form. These methods may be ineffective and burdensome on alarger scale, especially when hundreds or thousands of children requestaccess to a website each day. Additionally, methods for obtainingparental consent can be subject to fraud and inaccuracies becausewebsite operators lack sufficient information to verify that the personproviding consent is the child's parent. For example, a child may takehis parent's credit card and use it to gain access to a website withoutthe parent's consent. Additionally, online systems, such as socialnetworking systems, are unable to effectively notify parents of theirchildren's interactions over the systems or allow parents to manage achild's online system use.

SUMMARY

Embodiments of the invention allow a social networking system to manageuser access based on a user's age. More specifically, if a user's agedoes not exceed a threshold age, the social networking system allows adifferent user that is a verified parent of the user to administer theuser's account. A user that does not exceed a threshold age is referredto herein as a “child user.” The verified parent of a child userprovides the social networking system with administrative settings thatare used by the social networking system, along with the child user'sage, to regulate the child user's access to the social networkingsystem.

In one embodiment, the social networking system may require a child userto obtain authorization from its parent to access the social networkingsystem. In the embodiment, the social networking system receives anindication from the child user that another social networking systemuser is the child user's parent. The social networking system verifiesthat the indicated user is the child user's parent based on data storedby the social networking system. For example, the social networkingsystem verifies that an indicated user is a child user's parent based onvalidity of the indicated user's account, the age specified by theindicated user's account and/or the existence of a parent-childrelationship between the accounts associated with the child user andwith the indicated user. Hence, data from the indicated user's accountand/or from the child user's account is used to verify a parentalrelationship between the users.

In one embodiment, a verified parent user governs and administers theaccount for a child user of the verified parent user. For example, thesocial networking system provides a verified parent user's account withadministrative access to the child user's account, allowing the verifiedparent user to modify various settings of the child user's account. Forexample, a verified parent user may control connections that the childuser may establish, groups or events that the child user may join,software applications that the child user may access, etc.

In one embodiment, the social networking system may automatically limita child user's access to the social networking system. For example, thesocial networking system automatically establishes a parent-childrelationship between a verified parent user and the child user in thesystem, and does not allow the child user to unilaterally terminate theestablished parent-child relationship. As another example, for a childuser under the age of thirteen, the social networking system restrictsaccess to the child user's content to other social networking systemusers connected to the child user. As yet another example, the socialnetworking system prevents other social networking system users fromlocating the child user via the social networking system or from sendingconnection requests (e.g., requests to establish a friend relationship)to the child user.

The social networking system may, in an automatic manner, alsoperiodically or continuously notify a verified parent user of actions inthe social networking system performed by the child user associated withthe verified parent user. For example, the social networking systemnotifies a verified parent user when an associated child user is invitedto an event, sends a friend request and/or receives a friend request.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a high-level block diagram of a system environment, inaccordance with an embodiment of the invention.

FIG. 2 is a high-level block diagram of the verification modules, inaccordance with an embodiment of the invention.

FIG. 3 is a flowchart of a parental authorization process, in accordancewith an embodiment of the invention.

FIG. 4 is a flowchart of an account verification process, in accordancewith an embodiment of the invention.

FIG. 5 is an interaction diagram of a parental authorization process forthird party systems, in accordance with an embodiment of the invention.

FIG. 6 is a flowchart of a process for administering a child user'saccount, in accordance with an embodiment of the invention.

The figures depict various embodiments of the present invention forpurposes of illustration only. One skilled in the art will readilyrecognize from the following discussion that alternative embodiments ofthe structures and methods illustrated herein may be employed withoutdeparting from the principles of the invention described herein.

DETAILED DESCRIPTION

Overview

An online service, such as social networking system, is configured toobtain parental consent for a child's access to a computing resource andmay also allow a verified parent of the child to manage a user accountfor the child. For example, if an online service user is associated withan age that does not exceed a threshold age (a “child user”), anotheruser that is a verified parent of the child user provides administrativesettings regulating the child user's access to a social networkingsystem. For example, a social networking system restricts actions of achild user based on administrative settings provided by the child user'sparent. Additional administrative settings allow the verified parent ofthe child user to monitor actions taken by the child user within theonline service. For example, a social networking system mayautomatically send notifications regarding a child user's actions to auser account associated with a verified parent of the child user.

As used herein, an “online service” includes a social networking system,a website external from the social networking system, an online service,a game or other online application, a media item, or any other computingenvironment that requires parental authorization. The online service canbe a portion of a website, an online application that is run on awebsite, or media items shown on a website. In some embodiments, thecomputing resource is a social networking system that provides users away to connect and communicate with other users. Social networkingsystems allow users to establish relationships or connections withothers and share information in a variety of useful ways.

A user is a person or entity that interacts with other persons orentities via the social networking system and is associated with anapproved account in the social networking system. As discussed, a childuser is a user having an age that is less than a threshold age. Forexample, children in the United States under 13 years of age must obtainverifiable parental consent before accessing websites or online servicesthat are directed to children or that collect information from children.In other embodiments, a child user is a user having an age less than anage of consent, such as a user under 18 years old.

System Architecture

FIG. 1 is a block diagram of one embodiment of a system environment 100.In the embodiment shown by FIG. 1, the system environment 100 includesclient devices 110 a and 110 b, a network 101, and a social networkingsystem 120. However, in other embodiments the system environment 100 mayinclude different and/or additional components.

The client devices 110 a, 110 b are any devices having data processingand data communication capabilities. Examples of client devices 110include desktop computers, laptop computers, portable computers,personal digital assistants (PDAs), smart phones, or any other deviceincluding computing functionality and data communication capabilities. Aclient device 110 communicates with other client devices 110 and/or witha social networking system 120 via the network 101.

Interactions between a client device 110 and the social networkingsystem 120 are typically performed via the network 101, which enablescommunication between a client device 110 and the social networkingsystem 120. In one embodiment, the network 101 uses standardcommunications technologies and/or protocols. Thus, the network 101 mayinclude links using technologies such as Ethernet, 802.11, worldwideinteroperability for microwave access (WiMAX), 3G, 4G, LTE, digitalsubscriber line (DSL), asynchronous transfer mode (ATM), InfiniBand, PCIExpress Advanced Switching, etc. The network 101 may also utilizededicated, custom, or private communications links. The network 101 maycomprise any combination of local area and/or wide area networks, usingboth wired and wireless communication systems.

The social networking system 120 includes accounts associated withusers, as further described below. The social networking system 120receives data from client devices 110 via the network 101 and processesthe received data. In one embodiment, the social networking system 120includes an account registration module 121, a verification module 122,a user account module 123, an authorization module 124, a communicationmodule 125, an action log 126, an application programming interface(API) server 127, and a regulation module 128.

The account registration module 121 receives requests via the network101 to create accounts from entities using or establishing an account touse a computing resource associated with the social networking system120. As described above, an entity requesting an account may have an agethat does not equal or exceed a threshold age (i.e., a child user). Inone embodiment, the account registration module 121 determines whether arequest for an account is received from a child user and requestsidentifying information for an additional user that is a parent of thechild user. For example, if data included in a request for an account(e.g., an age, a birth date, etc.) indicating the user's age indicatesthat the user's age does not equal or exceed a threshold value, theaccount registration module requests that the user identify anadditional user having a parental relationship with the requesting user.The account registration module 121 communicates an identification ofthe additional user or data identifying the additional user to theverification module 122, which verifies that the additional user has aparental relationship with a child user requesting an account. If anadditional user verified as having a parental relationship with a childuser provides authorization to the account registration module 121, anaccount for the child user is created. Verification of a parentalrelationship between users is further described below in conjunctionwith FIGS. 3-4.

Referring back to FIG. 1, the user account module 123 stores accountdata associated with a user's account. The account data includesidentifying information about the user, such as the user's name,address, user identification (ID), and password. The user account module123 stores account data for a plurality of users' accounts. In oneaspect, the data includes social data, including information regardingthe user's demographic characteristics, such as the user's age,interests, gender, educational history, etc. The data further includesthe various connections or edges of the user to other users of thesocial networking system. The connections may be added explicitly by theuser. For example, the user may select a particular other user to be afriend. The connections also may be automatically created by the socialnetworking system based on common characteristics of the users (e.g.,users who are alumni of the same educational institution). Connectionsin social networking systems are usually in both directions, but neednot be, so the terms “user” and “friend” depend on the frame ofreference. For example, if Bob and Joe are both users and connected toeach other in the system, Bob and Joe are also each other's friends. Theconnection between users may be a direct connection; however, someembodiments of a social networking system allow the connection to beindirect via one or more levels of connections. Also, the term friendneed not require that users actually be friends in real life, (whichwould generally be the case when one of the users is a business or otherentity); it simply implies a connection in the social networking system.

The verification module 122 verifies user accounts alleged to have aparental relationship with another user. In one embodiment, shown inFIG. 2, the verification module 122 includes an account verificationmodule 210, an adult verification module 220, and a relationshipverification module 230. For example, the verification module 122determines whether a user alleged to have a parental relationship with achild user (a “purported parent”) has an account with the online serviceassociated with the social networking system 120, whether the purportedparent is an adult and whether the purported parent is connected to thechild user. In other embodiments, the verification module 122 performsany suitable actions for verifying a parental relationship between apurported parent and a child user.

The account verification module 210 verifies that a purported parent hasa valid account. For example, the account verification module 210compares information identifying a purported parent with stored useraccounts to verify that information identifying the purported parentcorresponds to information in at least one stored user account.Additionally, the account verification module 210 analyzes a stored useraccount corresponding to the information identifying a purported parentto verify that the stored user account is authentic.

For example, the account verification module 210 retrieves actions,locations, demographic data or other information associated with a useraccount to determine that the user account is authentic. Illustratively,the account verification module 210 may verify a user account based onthe number of established connections associated with the user account.More specifically, the probability that an account is valid increases asthe account has more connections. Therefore, the account verificationmodule 210 may determine that an account is authentic if the account hasgreater than a threshold number of connections. If the user account doesnot have greater than a threshold number of connections, the accountverification module 210 may determine that the account is not valid or,alternatively, flag the account for further verification.

If a user account corresponding to a purported parent is verified, theadult verification module 220 determines an age from data in the useraccount. For example, the adult verification module 220 compares the agefrom the user account associated with an adult age threshold anddetermines that the user account is associated with an adult if the ageequals or exceeds the adult age threshold. The adult verification module220 may use any suitable data to determine the age associated with auser account. For example the adult verification module 220 uses an agedeclared in the user account, a birth date specified by the user accountand the current date, the average age of other user accounts connectedto the user account or other suitable data associated with the useraccount. In one embodiment, the adult verification module 220 determinesan age associated with a user account using different types of data toimprove the accuracy of the age determination.

The relationship verification module 230 determines whether thepurported parent user is the parent of a child user. In some instances,the relationship verification module 230 leverages various socialsignals (e.g., information derived from connections, user profiles, useractions) to verify a parental relationship. In one embodiment, therelationship verification module 230 determines whether the user accountof the child user is connected to the user account associated with thepurported parent and, if the accounts are connected, determines whetherthe connection has a type associated with a parental relationship.Additional data associated with the user accounts of the child user andof the purported parent may be used to verify the parental relationship.For example, location data associated with the child user and purportedparent user accounts is analyzed, or pictures having the child user andthe purported parent tagged are analyzed to further determine therelationship between the child user and the purported parent. In oneembodiment, after verifying a parent-child relationship, therelationship verification module 230 automatically establishes aconnection between the user account of the child user and the useraccount of the purported parent having a specified type indicating aparental relationship.

The authorization module 124 determines whether to create a new useraccount or to allow access to an existing user account. Additionally, ifa child user requests creation of a new user account, the authorizationmodule 124 communicates with the verification module 122 to identify auser account associated with a verified parent of the child user andrequests authorization to create the requested account from the verifiedparent. The communication module 125 communicates a response from theverified parent to the authorization module, which sends theauthorization to the account registration module 121 to create theaccount if the response from the verified parent is an approval. If theresponse from the verified parent is a denial, the authorization module124 does not provide authorization to create the account and maycommunicate a message to the requesting child user via the communicationmodule 125 indicating the account was not created.

The communication module 125 links the social networking system 120 tothe one or more client devices 110 via the network 101. Thecommunication module 125 receives requests for data from a client device110 and communicates data retrieved from the social networking system120 to a client device 110 via the networking. For example, thecommunication module 125 serves web pages, as well as other web-relatedcontent, such as JAVA®, FLASH®, XML and so forth to client devices 110.The communication module 125 may provide the functionality of receivingand routing messages between the social networking system 120 and clientdevices 110, for example, instant messages, queued messages (e.g.,email), text and SMS (short message service) messages, or messages sentusing any other suitable messaging technique. The communication module125 receives requests from a client device 110 to create a user accountand communicates the requests to the account registration module 121, tothe verification module 122 or to any other suitable component.

The action logger 126 receives communications about user actions onand/or off the online service associated with the social networkingsystem 120 and maintains a log describing the actions. Examples ofactions may include, for example, adding a connection to another user,sending a message to another user, uploading an image, reading a messagefrom another user, viewing content associated with another user,attending an event posted by another user, among others. The actionlogger 126 may store various types of data describing actions. Examplesof stored data describing actions include the date and/or time when anaction was performed, a user account identifier of the user performingthe action, a type associated with the action, an object on which theaction was performed or other data. Actions performed by a user ononline services other than the online service associated with the socialnetworking system 120 may be stored by the action logger 126. Forexample, if the online service associated with the social networkingsystem 120 is a social networking system, the action logger 126 maystore user actions taken within the social networking system as well asactions taken on websites external to the social networking system.

The web server 127 links the social networking system 120 to externalwebsites and/or to client devices 110. In one embodiment, the web server127 allows external systems to send information to the social networkingsystem 120 by calling APIs via the network 101. The web server 127processes the request by calling the appropriate program code to collectappropriate data, which is then communicated back to the external systemvia web server 127 the network 101. A request for parental authorizationof a child user's use of the online service associated with the socialnetworking system 120 may be received by the web server 127. The webserver 127 may also transmit a request for authorization of a childuser's account to one or more client devices 110 via the network 101.

The regulation module 128 enables a verified parent user to administerand/or govern accounts of child users associated with the verifiedparent user. Additionally, the regulation module 128 governs the varioususers (including child users) of the online service associated with thesocial networking system 120. For example, the regulation module 128manages different types of interactions that users of the online servicemay perform and manages the types of information that may be presentedto the various users of the online service.

Using the regulation module 128, a verified parent user may definesettings for governing the interactions of an associated child user, maydefine the types of information that can be presented to the child user,or may define other suitable configuration settings. In one embodiment,the regulation module 128 restricts or limits the access of usersidentified as child users based on settings received from verifiedparents associated with the child user. For example, the regulationmodule 128 receives a setting from a verified parent user indicatingthat requests from other users to connect to a child user associatedwith the verified parent user must first be approved by the verifiedparent user. A process for administering and governing a child user'saccount is further described below in conjunction with FIG. 6.

Child User Account Verification

FIG. 3 illustrates a flow chart of one embodiment of a method 300 forobtaining parental consent for a child user's account for an onlineservice. In the embodiment shown by FIG. 3, the account registrationmodule 121 receives 301 a request to open an account in the onlineservice and determines that the request is from a child. For example,based on data (e.g., a provided age, a provided birth date, etc.)included in the request, the account registration module 121 determinesan age associated with the requesting entity and determines whether theage is less than a threshold age. If the age of the requesting entitydoes not equal or exceed the threshold age, the account registrationmodule 121 determines that the requesting entity is a child andrequests, from the child, information identifying a parent. The accountregistration module 121 receives 302 information identifying a parentuser, which is the purported parent of the child. Examples ofinformation identifying a parent user include: a name, an address,contact information (telephone number, email address), useridentification (ID) information, account identifier, screen name orother suitable information.

Using the information identifying the parent user, the verificationmodule 122 verifies 303 that the identified parent user has a validaccount with the online service, verifies 304 that the identified parentuser is an adult, and verifies 305 that the identified parent user isthe parent of the child. The verification module 122 is furtherdescribed above in conjunction with FIG. 2. While FIG. 3 describesverifying 303 that the parent user has a valid account, verifying 304that the identified parent user has at least an adult threshold age andverifying 305 that the identified parent user is the parent of the childuser requesting an account, in different embodiments, a subset of theseverifications are performed or additional verifications are performed.The order in which the identified parent user is verified as the parentof the child user requesting an account may vary in differentembodiments.

As discussed, the verification module 122 verifies 303 that theidentified parent user has a valid account with the online serviceassociated with the social networking system 120. A valid account is anaccount that is owned and accessed by a real person who is authorized touse the account and is also associated with legitimate and safeactivities in the system. Conversely, an account associated with theidentified parent user is not valid if it does not exist in the system(i.e., the name of the identified parent user is not registered with anaccount).

An account may also be invalid if it has been fraudulently accessed orused by someone other than the authorized user. For example, an accountmay be invalid if confidential information has been accessed from theaccount, such as the user ID, password, or account numbers withoutconsent of the user associated with the account. An account is alsoinvalid if the account has been used to engage in suspicious activitiesor if the account has been accessed from a suspicious location, which isdiscussed in detail herein. In some embodiments, an account is invalidbecause it was created for an illegitimate use in the online service.For instance, if a user creates multiple accounts for engaging in anonline game in a social networking system, the multiple accounts wouldbe invalid as they were created for an illegitimate use.

FIG. 4 shows a flow chart of one embodiment of a detailed process forverifying 303 the validity of an account associated with an identifiedparent user. In one embodiment, the process described in conjunctionwith FIG. 4 is performed by the account verification module 210 of theverification module 122. The account verification module 210 receives401 information identifying the user that is the purported parent userof the child user and identifies 402 the parent user's account based onthe information. If the account verification module 210 determines thata purported parent user's account does not exist or has been abandoned,the account verification module 210 denies the child user's request foran account.

If an account is associated with the purported parent user, the accountis analyzed 403 to determine whether it is associated with a legitimateuser. For example, actions from the action log module 126 associatedwith the purported parent user's account are analyzed 403. A validaccount is likely to engage in safe or quality activities enhancingcommunication, establishing connections or providing content to theonline service. Examples of safe or quality activities include:establishing connections with other users; sending messages to otherusers; posting stories, pictures, or links on profiles; participating inonline discussions; commenting on other user's posts; and joininggroups, events, or communities.

A purported parent user's account that is connected with a thresholdnumber of other users or that has engaged in a threshold number ofquality interactions in the social networking system is likely to be avalid account. Moreover, a purported parent user's account that hasreceived communications or requests for connections from other users islikely to be a valid account because a legitimate user would receivecommunications or requests to connect with others. In contrast, apurported parent's account that has engaged in less than a thresholdnumber of interactions or received less than a threshold amount ofcommunication from other users is likely to be an invalid account.Additionally, the length of time that the purported parent's account hasbeen established and actively used may be a factor in determining theaccount's validity. For example, an account that has been in active usefor a threshold amount of time (e.g., a year) may be an indication thatthe account is valid.

The authenticity of other user accounts that are connected to thepurported parent user may be analyzed 403. For example, other useraccounts connected with the purported parent user's account may lackmultiple connections with other users or have low quality interactionsin the social networking system, indicating that these accounts areinvalid. Accordingly, the parent user's account, which is connected tothe likely invalid accounts, may also be invalid. Conversely, if theuser accounts connected to the purported parent user's account have athreshold number of connections and are associated with a thresholdnumber of quality activities, the purported parent user's account islikely to be valid. Accounts of multiple users associated with thepurported parent user may be tracked and analyzed to determine whether agroup of fake accounts are connected to each other.

In one embodiment, the purported parent user's account is analyzed 403for suspicious activities, which occur when an entity other than anauthorized user creates a session by obtaining fraudulent access to thepurported parent user's account (i.e., obtaining the user ID andpassword of an account and logging into the account pretending to be theauthorized user). Examples of suspicious activities include spamming(i.e., sending unsolicited advertisements, messages or requests to otherusers), phishing (i.e., attempting to obtain confidential informationfrom other users), accessing sensitive information (i.e., socialsecurity numbers or credit card numbers), or any other type ofillegitimate or objectionable actions that negatively affect otherusers. If suspicious activities are associated with the purported user'saccount, the account verification module 210 determines 404 whether thesuspicious activities exceed a specified threshold. The purported parentuser's account is classified 411 as invalid if the suspicious activitiesexceed the threshold. For example, a threshold is set where a user'saccount is classified 411 as invalid if it is used to send more than onespam message to other users. Systems and methods for managingobjectionable behavior in a web-based social networking system aredisclosed in U.S. application Ser. No. 11/701,744, filed on Feb. 2,2007, which is incorporated by reference herein in its entirety.

In some embodiments, if the suspicious activity associated with theuser's account does not exceed the threshold, further verification stepsmay be performed. For example, the verification module 122 request 405that the purported parent user create a new session with the onlineservice. A session is created when a user accesses the user's account bylogging into the online service or accessing a website associated withthe online service. Requesting 405 creation of a new session allows theaccount verification module 210 to analyze 406 a location associatedwith the new session to determine 407 whether the purported parent useris accessing the account from a suspicious location. The location of thesession is received from a client device 110 associated with thepurported parent user. A session's location may include the geographicallocation of the client device 110, information about the physicalattributes of the client device 110 used by the user, the networkaddress associated with the newly created session or other identifyinginformation.

Typically, a user regularly creates sessions from the same set oflocations, such as from client devices 110 in a home and/or in aworkplace. For example, a user may routinely establish sessions with theonline service from its home in Palo Alto, Calif. or its place of workin Mountain View, Calif. These locations may be referred to as “safelocations.” A user is less likely to establish a session using clientdevices 110 that are in locations distant from the safe locations.Hence, a session created from a distant location may be consideredsuspicious or unsafe. Referring to the preceding example, a sessionestablished from Mexico City, Mexico would be an atypical user locationthat would be considered suspicious.

Further, certain geographic locations, user locations, or networkaddresses may be associated with a negative reputation based on a pasthistory of suspicious sessions created from those locations. An attemptto create a session from a location having a negative reputation may beflagged as suspicious. For example, a location in Nigeria may have areputation for phishing and other fraudulent online activities. If apurported parent user's account that is typically associated withlocations in the U.S. creates a new session from the location in Nigeriathe session is flagged to indicate that the purported parent user'saccount may be invalid.

Based on the location information from the newly created session, theaccount verification module 210 determines 407 whether the newly createdsession is associated with a suspicious location. In some embodiments,the account verification module 210 determines 407 whether the locationassociated with the newly created session matches a stored locationidentified as safe. If the location does not match a stored safelocation, the account verification module 210 determines 407 whether thelocation matches one of the known suspicious locations. Alternatively,the account verification module 210 determines 407 whether the locationof the new session matches a suspicious location, and classifies 411 thepurported parent's account as invalid if the location matches asuspicious location. In other embodiments, the purported parent'saccount is not classified 411 as invalid until a threshold number ofsessions are associated with being suspicious. Authenticating usersessions based on reputation of user locations is disclosed in U.S.patent application Ser. No. 12/646,800, filed on Dec. 23, 2009, and U.S.patent application Ser. No. 12/646,803, filed on Dec. 23, 2009, each ofwhich is incorporated by reference herein in its entirety.

In some embodiments, if the purported parent creates a new session froma suspicious location, authentication of the purported parent user'saccount is enhanced 408. In one embodiment, authentication is enhanced408 by providing a challenge-response test to the purported parent user.A challenge-response test provides a challenge to the user, whichrequests a response that only the authorized user of the account wouldlikely be able to answer. For example, a challenge may be a securityquestion based on information that only a user authorized to access thepurported parent user's account is likely to know.

One type of challenge is a “Completely Automated Turing Test To TellComputers and Humans Apart” (CAPTCHA), which requires a user to readdistorted text and type the letters or numbers to authenticate that theuser is not an automated system or computer that has improperly gainedaccess to the user's account. A social CAPTCHA is another type ofchallenge that can be presented to a user of a social networking system.The social CAPTCHA asks the user to identify information about otherusers connected to the user or about interactions in the socialnetworking system. For example, a user may be presented with five usersand asked which of them is connected to the user in the socialnetworking system. The difficulty level of the social CAPTCHA may beadjusted based on a degree of suspicion associated with the account.Examples of increasing social CAPTCHA difficulty include: requestingidentification of more specialized types or information in a challenge,increasing the number of questions presented, or increasing the numberof potential answers from which answers are chosen. Using socialinformation to authenticate a user session is disclosed in U.S.application Ser. No. 12/399,723, filed on Mar. 6, 2009, which isincorporated by reference herein in its entirety.

In some embodiments, the social CAPTCHA may be presented to a user atany time when suspicious activity is associated with the user's accountto validate the account. For example, a social CAPTCHA may be presentedto the user when suspicious activities are identified from past sessionsassociated with the user's account. In one embodiment, the socialCAPTCHA is presented after requesting 405 a user create a new session.The enhanced authentication may be presented in a variety of ways, suchas via email, text message, multimedia messaging service (MMS), or othertype of online communication.

The account verification module 210 determines 409 whether a correctresponse to the enhanced 408 authentication is received from thepurported parent user. An incorrect response to the challenge resultsthe purported parent user's account being classified 411 as invalid. Insome embodiments, the purported parent user's account is not classified411 as invalid until the number of incorrect responses to the enhancedauthentication 408 equals or exceeds a threshold. If the purportedparent user provides a correct response to the enhanced 408authentication, the purported parent user's account is classified 410 asvalid.

A purported parent user's account may also or additionally be analyzedby the account verification module 210 for suspicious activitiesassociated with the account that occur on third-party websites. Forinstance, a purported parent user's account in a social networkingsystem is used to connect to third party websites, such as an onlineretail website or an online banking service and the purported parentuser's actions with the third party website are analyzed for suspiciousactivities. For example, a purported parent user's account is used tolog into a third party online classifieds website and post fraudulentsales items on the website. Analyzing this information may indicate thatthe purported parent user's account has been compromised and may beinvalid. Activities by the purported parent user's account, such assuspicious activities, on third party websites may be analyzed using themethods described above to determine whether the parent user's accountis valid.

In another embodiment, a confidence score or metric is calculated forthe purported parent user's account based on a variety of data using themethods described above. If the confidence score equals or exceeds athreshold, the purported parent user's account is classified as valid.However, if the confidence store is less than the threshold, thepurported parent user's account is classified as invalid. In otherembodiments, challenge-response, such as a social CAPTCHA, is presentedto the purported parent user to enhance authentication if the confidencescore is less than the threshold.

Adult Verification

Referring back to FIG. 3, if the purported parent user's account isverified 303 as valid, the verification module 122 verifies 304 that thepurported parent user is an adult. For example, the adult verificationmodule 220 verifies 304 the age of the purported parent user based onsocial data associated with the account of the parent user. In someembodiments, the purported parent user's age is determined frominformation in the purported parent user's account. For example an ageor birth date included in the purported parent user's account is used toverify 304 that the purported parent user's age is at least an adult agethreshold. Alternatively, the adult verification module 220 asks thepurported parent user for its age and compares the provided age to theadult age threshold.

The adult verification module 220 may also determine the purportedparent user's age based on social signals associated with the purportedparent user's account. For example, social signal data associated withthe purported parent user's account is analyzed using a histogram, andvarious calculations may be made from the histogram, including theaverage, median, skew, and kurtosis of the social data set. For example,the average age of users connected to the purported parent user isdetermined from a histogram. If the average age of the users connectedto the purported parent user equals or exceeds the adult age threshold(e.g., 35 years old), the adult verification module 220 verifies 304 thepurported parent user is an adult.

In some embodiments, the activities associated with the purported parentuser's account are analyzed to determine the age of the purported parentuser. Activities associated with the purported parent user's account mayprovide an indication of the purported parent user's approximate age.Examples of activities providing information about an approximate ageinclude joining a university's alumni organization webpage, postingcomments or links related to news articles or political stories withadult-oriented topics, including profile information showing anemployment history or joining an employment-based network. If athreshold number or percentage of activities associated with thepurported parent user's account is adult-oriented, the purported parentuser is likely to be an adult.

Various other social data may indicate whether the purported parent useris an adult, such as data indicating that the parent user is employed oris married. The adult verification module 220 may analyze various socialdata as factors, either alone or in combination, to determine whetherthe parent user is an adult. In some embodiments, each factor is given aconfidence score and the confidence scores are combined to form anoverall confidence score. If the overall confidence score exceeds athreshold score, the parent user is verified 304 as an adult.

In some embodiments, a machine learning process verifies 304 whether theparent user is an adult based on inputs derived from various socialdata. Examples of input include the average, median, skew, and kurtosisobtained from a histogram of the social data. Additional examples ofinputs include binary inputs from the social data, such as whether thepurported parent user is employed or is married.

A machine learning process may be trained using inputs based on socialdata from a parent user verified to be an adult. Various rules andcoefficients may be used to adjust the machine learning process toaccurately predict whether a purported parent user is an adult. Aftertraining on a known data set, the machine learning process may be usedto determine whether other purported parent users are adults. Forexample, the machine learning process receives as input various signalsabout the average age of users connected with a purported parent user,the median age of the users connected to the purported parent user,whether the purported parent user has engaged in adult-associatedactivities, and whether the purported parent user is married. Themachine learning process determines whether the potential parent user isan adult based on the rules, coefficients and the inputs.

Relationship Verification

The verification module 122 verifies 305 that the purported parent useris a parent of the child user. In one embodiment, the relationshipverification module 230 requests that the purported parent user confirmthat he or she is the parent of the child. Alternatively, therelationship verification module 230 requests that the purported parentuser declare a parent-child relationship between the purported parentuser's account and the child user's account.

In another embodiment, the relationship verification module 230determines whether the purported parent user is the parent of the childuser by comparing social data about the purported parent user with dataprovided by the child user. For example, the relationship verificationmodule 230 determines that the purported parent user and the child userhave the same last names, live in the same region, have the sameaddress, or have declared relationships with the same family members. Inone embodiment, the relationship verification module 230 determines adistance between a current city or other reported residence of thepurported parent and a residence or other location provided by the childuser. If the distance between the purported parent's residence and thechild user's reported residence is within a threshold distance, therelationship verification module 230 determines that the purportedparent and the child user have a valid parental relationship. However,if the distance between the purported parent's residence and the childuser's residence is not within the threshold distance, the relationshipverification module 230 determines that the purported parent and thechild user do not have a valid parental relationship or flags theparental relationship as potentially invalid.

The relationship verification module 230 may also determine whether thereported ages of the purported parent and the child user have adifference equaling or exceeding a threshold number of years. If thedifference between the ages of the purported parent and the child useris less than the threshold number of years, the verification module 230may determine that there is not a parental relationship between thepurported parent and the child user or may flag a parental relationshipbetween the purported parent and the child user as potentially invalid.For example, if the difference in age of the purported parent and theage of the child user is less than fifteen years, the verificationmodule 230 determines that the purported parent and the child user donot have a valid parent-child relationship.

Actions of the purported parent user may be analyzed to determine theexistence of a parent-child relationship. A parent user may sharepictures of its children on its profile, post stories on its profileabout its children, send messages to other users about its children, orpost events related to its children (for example, birthday parties orschool-related activities) in an online service (e.g., a socialnetworking system). Hence, analyzing actions of the purported parentuser for certain types of actions and/or for actions associated with thechild user may be used to verify 305 a parental relationship between thepurported parent user and the child user.

Connections between the purported parent user and other users may alsobe used to verify 305 a parental relationship between the purportedparent user and the child user. For example, the purported parent userhas verified a parent-child relationship with some of its other childrenin the online service. If other child users connected to the purportedparent have similar attributes to the child user requesting the account,a parental relationship between the purported parent user and the childuser requesting the account may be verified 305. For example if otherchild users having a verified parental relationship with the purportedparent user have the same last names or other identifying information asthe requesting child user, the parental relationship between thepurported parent user and the requesting child user is verified 305.

Other social data associated with the purported parent user may be usedto verify 305 the parental relationship between the purported parentuser and the child user. For example, users connected to the purportedparent user in the online service may be asked to verify 305 theexistence of the parental relationship. As another example, thepurported parent user is asked questions about the child user account toverify 305 the parent-child relationship. The above-described factors,as well as other factors, may be analyzed independently or incombination to verify 305 a parental relationship between the purportedparent user and the child user. In some embodiments, each factor isgiven a confidence score, which are combined to generate an overallconfidence score. If the overall confidence score is equals or exceeds athreshold score, the parent-child relationship is verified 305.Alternatively, a machine learning process is used to verify 305 theexistence of a parent-child relationship using social data (e.g.,activities of the purported parent in the social networking system,whether the purported parent user and the child user have the same lastnames, same addresses, and/or or same user locations). The machinelearning process may operate as described above.

After verifying 303 the purported parent user's account, verifying 304the purported parent user's age and verifying 305 the parentalrelationship between the purported parent user and the child user, theverification module 122 may request 306 authorization of the childuser's account from the purported parent user. If the online service isa social networking system, authorization of the child user's accountmay be requested 306 using any suitable communication channel, such ase-mail, text message, multimedia messaging service (MMS), instantmessage, or other online communication. In one embodiment, the purportedparent user is capable of authorizing the child user's account if thepurported parent user has an account with the online service.Alternatively or additionally, the purported parent user may provideinformation authorizing the child user's account, such as a confirmatione-mail or confirmation message, regardless of whether the purportedparent user has an account with the online service

When requesting 306 authorization of the child user's account, theverification module 122 may specify additional information and/oradditional steps for the purported parent user to verify the childuser's account. For example, an authorization request specifies that thepurported parent user provide a portion of an identification numberassociated with the purported parent user (e.g., last four digits of asocial security number, last four digits of a credit card number, etc.)to authorize the child user's account. A third-party verificationcompany may use the identification number to confirm that authorizationwas received from the purported parent user. As another example, theauthorization request specifies that the authorization be received froma confirmed email address or as an SMS message from a mobile phone. Theinformation and/or steps identified by the authorization request may bebased on the specific country and/or jurisdiction of the purportedparent user and/or child user.

When authorization of the child user's account is received 307 from thepurported parent user, the child user's account is activated 308,allowing the child user to access the online system. In one embodiment,after activating 308 the child user's account, a connection between thepurported parent user's account and the child user's account isestablished. The connection has a type associated with a parentalrelationship. In one embodiment, the child user is also automaticallyadded to a close friends or children list of the parent user. The childuser, however, may still restrict the parent user from seeing certaincontent depending on the content. If the purported parent user deniesauthorization to the child user, the child user's account is denied.

Application of Verification Methods

The systems and methods described above can be applied to obtainparental consent for a child user in various online contexts. Forexample, the systems and methods of verification described above can beapplied to obtain parental authorization of a child user's access to athird party system, which includes third party websites, onlineservices, a game or other online application, a media item, a portion ofa third party website, an online application that is run on a thirdparty website, or media items shown on a third party website. In someembodiments, the social networking system can allow the parent to engagein ongoing monitoring of the child's use of the social networking systemand/or other third party websites or services.

FIG. 5 shows an interaction diagram of the verification process for achild user's 503 request to access a third party system 502. Forinstance, a child user 503 may request 505 access to a third partysystem 502, such as a movie rental website or online game application ona website. Upon requesting an account with the third party system 502,the child user 502 may receive a limited account or limited access tothe third party system 502, until the child user 503 obtains parentalconsent to access the system 502. A request can be forwarded 506 fromthe third party system 502 to the API server 127 at the socialnetworking system 501 to obtain parental authorization for the childuser 503. The social networking system 501 determines 507 the validityof the parent user's account, the age of the parent user, and theexistence of a parent-child relationship using the methods disclosedabove. If the parent user's 504 account, age, and relationship with thechild user are verified, the social networking system 501 requests 508authorization from parent user 504 for the child user 503 to access thethird party system 502. The social networking system 501 receives 509 aresponse from the parent user 504 granting or denying access for thechild user 503 to the third party system 502. The social networkingsystem 501 confirms 510 the parent user's 504 response to the thirdparty system 502. The third party system 502 grants or denies 511 accessto the child user 503 based on the response received from the parentuser 504 via the social networking system 501. Accordingly, theverification methods described above allows the social networking system501 to act as a clearinghouse to obtain parental consent for children togain access to various third party systems.

In some embodiments, the request can be received directly from the childuser 503 in the social networking system 501. In other embodiments, therequest can be sent directly from a third party system 502 to the socialnetworking system 501 based on a child user's 503 request to access thethird party system 502. The third party system 502 can be the samesystem that the child user 503 requests access to, or the third partysystem 503 can make a request on behalf on another third party system502. The third party system 502 can also request pre-approval of thechild user's 503 account from the parent user 504. This allows the thirdparty system 502 to automatically grant the child user's 503 requestwithout forwarding 506 the request to the social networking system 501.

Regulation of a Child User's Account

FIG. 6 illustrates one embodiment of a method 600 for regulating a childuser's account with an online service. In one embodiment, the regulationmodule 128 receives 601 a request from a purported parent user toadminister a child user's account with an online service. Responsive tothe request, the regulation module 128 determines 602 whether thepurported parent user has a parental relationship with the child user.In one embodiment, the regulation module 128 accesses a user profileassociated with the child user to determine whether the child user has aparental relationship with the purported parent user. A parentalrelationship between the child user and the purported parent user mayhave been determined as described above in conjunction with FIGS. 3 and4. If the purported parent user has a parental relationship with thechild user, the regulation module 128 provides 603 the purported parentuser with an administration interface (e.g., a dashboard), which allowsthe parent user to provide and the regulation module 128 to receive 604administrative settings for the child user's account. The settings maybe used by the regulation module 128 to manage various interactions ofthe child user via the online service.

In one embodiment, the regulation module 128 allows the purported parentuser to manage the credentials for the child's user account if aparental relationship exists. For example, the parent user is authorizedto change or reset the child user's account password and/or to manage apassword reset processes initiated with respect to the account.Illustratively, a parent user of a child user may specify that theonline service, such as a social networking system, automatically notifythe parent user when a password reset process has been initiated for thechild user's account. Responsive to such a notification, the parent usermay access the regulation module 128 to complete the password resetprocess or cancel the password reset process. For example, a parent usermay cancel a password reset process when the child's user account hasbeen accessed by an unauthorized source.

As another example, the regulation module 128 enables a parent user tomanage connection requests (e.g., friend requests) associated with thechild user's account. In one embodiment, the regulation module 128notifies the parent user of requests received from other users toconnect with the child user's account. The parent user may evaluatereceived connection requests and select connection requests toauthorize, allowing the users associated with the selected connectionrequests to be connected to the child user's account. The regulationmodule 128 may additionally notify the parent user of connectionrequests sent by the child user to other users, and allow the parentuser to determine whether the connection requests may be sent to theirindicated recipients. Connection requests authorized by the parent userare sent from the child user to their identified recipients.

Further, the regulation module 128 may allow a parent user to regulateor specify the types of interactions that the child user may perform inan online system, such as a social networking system, or that otherusers may perform with respect to the child user. In one embodiment, theregulation module 128 enables the parent user to manage the users withwhich the child user is authorized to exchange communications via theonline service. The regulation module 128 may also enable the parentuser to identify objects (e.g., groups, events, pages, etc.) in theonline service with which the child user is permitted to interact orwith which the child user is not permitted to interact. For example, theparent user may specify that the child user is not permitted to joinidentified groups, attend identified events, or join identified pages ofan online service, such as the social networking system. As anotherexample, the parent user identifies that the child user is not permittedto provide “like” indications for specified objects of the onlineservice.

The regulation module 128 may also enable the parent user to regulateother users to which the child user may subscribe. For example, theparent user may indicate whether the child user is permitted tosubscribe to or “follow” other users of the social networking systemthat are not connected to the child user. Hence, a parent user maydecide whether the child user is permitted to receive periodic updatesregarding content generated by users not connected to the child user.Via the regulation module 128, a parent user may also control the childuser's access to applications (e.g., third party games, third partysoftware utilities, etc.) or a social application platform that may beleveraged by third parties available via the online service. In oneembodiment, the regulation module 128 enables the parent user toidentify on a granular level specific applications or characteristics ofapplications that the child user is permitted to or not permitted toaccess. Further, the regulation module 128 allows a parent user todisable or cancel the child user's account, which prevents the childuser from accessing the online service using the account. In oneembodiment, canceling the child user's account removes informationassociated with the account from the online service.

The regulation module 128 may moreover enable the parent user to managethe users permitted to tag the child user in images uploaded to theonline service. As used herein, tagging refers to providing anindication of a user's identity in an image such as a digitalphotograph. An image in which a user is tagged may be associated withthe user's profile or account. Hence, the regulation module 128 mayallow the parent user to restrict those users that may tag the childuser to the parent user, the child user, and/or friends of the childuser.

After receiving administrative settings from the parent user, theregulation module 128 manages 605 the interactions of the child userover the online service based at least in part on the settings receivedfrom the parent user. For example, the regulation module 128 preventsthe child user from exchanging chat messages based on settings receivedfrom the parent user. In one embodiment, the regulation module 128additionally manages the child user based on policies of the onlineservice specific to child users. For example, child user-specificpolicies may be automatically implemented by the regulation module 128responsive to determining that a user associated with an account is achild. Policies of an online service specific to child users may berelatively more restrictive than the policies governing adult users ofthe social networking system. In some embodiments, the parent user ofthe child user may modify application of the online service's childuser-specific policies for the child user.

In one embodiment, the regulation module 128 automatically restricts thechild user from performing certain actions. For example, the child usermay be prevented from unilaterally removing the parental relationshipbetween the child user and the parent user. The child user may also beplaced on a children, family, or relative list associated with theparent user. The regulation module 128 may also notify the parent userof interactions in the online service involving the child user. Forexample, the parent user automatically receives updates identifying thevarious actions performed by the child user, and/or actions performed byother users with respect to the child user. As examples ofnotifications, the regulation module 128 notifies the parent user whenthe child user has commented on a particular post of a friend or whenthe child user has been tagged in an image by another user. In oneembodiment, the notifications provided to the parent user may be subjectto certain limited privacy settings configured by the child user.

Content of the online service accessible to a child user may beregulated based on the child user's age. For example, objects (e.g.,pages, groups, events, advertisements, applications, etc.) in the onlineservice may each be associated with a particular age limit, preventingusers younger than the age limit from accessing the object. The agelimits may be automatically determined by the regulation module 128,input by an administrator of the online service, provided by a creatorof the object, determined from the average age of online service usersconnected to the object, the average age of online service users thatinteracted with the object, social signals, and/or other suitable data.For example, an age limit of sixteen may be automatically imposed on afan page of a social networking system based the average age of usersconnected to the fan page, based on the average age of users connectedto users that are connected to the fan page or other suitable data. Ifthe child user's age does not at least equal the age limit for anobject, the child user is prevented from accessing the object. Referringto the previous example, if the child user is fourteen, the child useris not permitted to access the fan page.

In one embodiment, if the child user is below a minimum age threshold(e.g., under the age of 13 years old), the regulation module 128 furtherlimits the interactions permitted by the child user. For example, theregulation module 128 may limit content accessible to a child useryounger than the minimum age threshold to content generated by usersconnected to the child user (e.g., friends of the child user). Asanother example, the regulation module 128 prevents users younger thanthe minimum age threshold from accessing specific types of content.Illustratively, a child user younger than the minimum age threshold ispermitted to access images uploaded to a social networking system, butnot advertisements posted with the images.

The regulation module 128 may additionally prevent users of the onlineservice that are above the minimum threshold age and not connected to achild user by two degrees or less (e.g., not a friend of a friend) fromlocating the child user via a search interface of the online service. Inone embodiment, the regulation module 128 also prevents users that arenot connected to a child user by two degrees or less and above theminimum threshold age from sending connection requests to the childuser.

SUMMARY

The foregoing description of the embodiments of the invention has beenpresented for the purpose of illustration; it is not intended to beexhaustive or to limit the invention to the precise forms disclosed.Persons skilled in the relevant art can appreciate that manymodifications and variations are possible in light of the abovedisclosure.

Some portions of this description describe the embodiments of theinvention in terms of algorithms and symbolic representations ofoperations on information. These algorithmic descriptions andrepresentations are commonly used by those skilled in the dataprocessing arts to convey the substance of their work effectively toothers skilled in the art. These operations, while describedfunctionally, computationally, or logically, are understood to beimplemented by computer programs or equivalent electrical circuits,microcode, or the like. Furthermore, it has also proven convenient attimes, to refer to these arrangements of operations as modules, withoutloss of generality. The described operations and their associatedmodules may be embodied in software, firmware, hardware, or anycombinations thereof.

Any of the steps, operations, or processes described herein may beperformed or implemented with one or more hardware or software modules,alone or in combination with other devices. In one embodiment, asoftware module is implemented with a computer program productcomprising a computer-readable medium containing computer program code,which can be executed by a computer processor for performing any or allof the steps, operations, or processes described.

Embodiments of the invention may also relate to an apparatus forperforming the operations herein. This apparatus may be speciallyconstructed for the required purposes, and/or it may comprise ageneral-purpose computing device selectively activated or reconfiguredby a computer program stored in the computer. Such a computer programmay be stored in a tangible computer readable storage medium or any typeof media suitable for storing electronic instructions, and coupled to acomputer system bus. Furthermore, any computing systems referred to inthe specification may include a single processor or may be architecturesemploying multiple processor designs for increased computing capability.

Embodiments of the invention may also relate to a computer data signalembodied in a carrier wave, where the computer data signal includes anyembodiment of a computer program product or other data combinationdescribed herein. The computer data signal is a product that ispresented in a tangible medium or carrier wave and modulated orotherwise encoded in the carrier wave, which is tangible, andtransmitted according to any suitable transmission method.

Finally, the language used in the specification has been principallyselected for readability and instructional purposes, and it may not havebeen selected to delineate or circumscribe the inventive subject matter.It is therefore intended that the scope of the invention be limited notby this detailed description, but rather by any claims that issue on anapplication based hereon. Accordingly, the disclosure of the embodimentsof the invention is intended to be illustrative, but not limiting, ofthe scope of the invention, which is set forth in the following claims.

What is claimed is:
 1. A computer-implemented method comprising:receiving, at a social networking system from a first client device of apurported parent user having an account in the social networking system,a request to regulate actions of a child user having an account in thesocial networking system that is accessible via a second client deviceof the child user, the child user having an age that is less than athreshold age; accessing information associated with the account in thesocial networking system of the purported parent user and accessinginformation associated with the account in the social networking systemof the child user; determining whether a parent-child relationshipexists between the purported parent user and the child user based on (1)the information associated with the account of the purported parent userand (2) the information associated with the account of the child user;responsive to determining an existence of a parent-child relationshipbetween the purported parent user and the child user, determiningwhether the account of the purported parent user is connected to theaccount of the child user; and responsive to determining that theaccount of the purported parent user is not connected to the account ofthe child user, automatically establishing, by a computer, a connectionin the social networking system between the account of the child userand the account of the purported parent user, the established connectionhaving a connection type indicating a parent-child relationship, whereinthe child user is prevented from unilaterally terminating theestablished connection between the account of the child user and theaccount of the purported parent user.
 2. The computer-implemented methodof claim 1, wherein determining whether a parent-child relationshipexists between the purported parent user and the child user comprises:determining whether the account of the purported parent user is valid;determining whether the account of the purported parent user isassociated with a purported parent user age that is equal to or exceedsan adult age threshold; and determining that the purported parent userhas a parent-child relationship with the child user based at least inpart on the determination that the account of the purported parent useris valid and on the determination that the account of the purportedparent is associated with a purported parent user age that is equal toor exceeds the adult age threshold.
 3. The computer-implemented methodof claim 1, further comprising: responsive to determining that theparent-child relationship exists between the purported parent user andthe child user, prompting the purported parent user to provideadministrative settings regulating actions of the child user in thesocial networking system; receiving, from the purported parent user,administrative settings regulating connection request actions of thechild user in the social networking system; and managing actions by thechild user in social networking system based on the administrativesettings received from the purported parent user.
 4. Thecomputer-implemented method of claim 3, further comprising:automatically notifying the purported parent user about types ofcommunications received by the child user in the social networkingsystem, wherein the types of communications are specified by theadministrative settings.
 5. The computer-implemented method of claim 4,wherein the types of communications are selected from the groupconsisting of: an invitation to an event, a request to form a connectionwith an additional user of the social networking system, and a requestto join a group in the social networking system.
 6. Thecomputer-implemented method of claim 3, wherein the administrativesettings indicates one or more types of social network connections thatwhich the child user may establish.
 7. The computer-implemented methodof claim 3, wherein managing actions by the child user in the socialnetworking system based at least in part on the administrative settingsreceived from the purported parent user comprises: limiting actions inthe social networking system capable of being performed by the childuser to actions specified by the administrative settings.
 8. Thecomputer-implemented method of claim 3, wherein the administrativesettings specify objects in the social networking system with which thechild user is permitted to establish a connection.
 9. Thecomputer-implemented method of claim 8, wherein an administrativesetting specifies whether the child user may receive information fromother users in the social networking system with which the child user isnot connected.
 10. The computer-implemented method of claim 1, furthercomprising: notifying the purported parent user of a request to connectto an additional user of the social networking system sent by the childuser.
 11. The computer-implemented method of claim 1, furthercomprising: transmitting, to the purported parent user, descriptions ofupdates to the account of the child user.
 12. The computer-implementedmethod of claim 1, further comprising: limiting content accessible tothe child user to content associated with users of the social networkingsystem connected to the child user if the age of the child user is lessthan a minimum age based on information associated with the account ofthe child user.
 13. The computer-implemented method of claim 1, furthercomprising: hiding the account associated with the child user fromappearing in search results from the social networking system if the ageof the child user is less than a minimum age based on informationassociated with the account of the child user.
 14. Thecomputer-implemented method of claim 1, further comprising: blockingreceipt of connection requests from other users by the child user if theage of the child user is less than a minimum age based on informationassociated with the account of the child user.
 15. Thecomputer-implemented method of claim 1, further comprising: receiving arequest from the child user to access a social networking object that isassociated with an age limit; and denying the child user access to thesocial networking object responsive to determining that the age of thechild user does not meet the age limit.
 16. A system composing: aprocessor; and a non-transitory computer readable medium configured tostore instructions, the instructions when executed by the processorcause the processor to: receive, at a social networking system from afirst client device of a purported parent user having an account in thesocial networking system, a request to regulate actions of a child userhaving an account in the social networking system that is accessible viaa second client device of the child user, the child user having an agethat is less than a threshold age; access information associated withthe account in the social networking system of the purported parent userand accessing information associated with the account in the socialnetworking system of the child user; determine whether a parent-childrelationship exists between the purported parent user and the child userbased on (1) the information associated with the account of thepurported parent user and (2) the information associated with theaccount of the child user; responsive to determining an existence of aparent-child relationship between the purported parent user and thechild user, determine whether the account of the purported parent useris connected to the account of the child user; and responsive todetermining that the account of the purported parent user is notconnected to the account of the child user, automatically establish aconnection in the social networking system between the account of thechild user and the account of the purported parent user, the establishedconnection having a connection type indicating a parent-childrelationship, wherein the child user is prevented from unilaterallyterminating the established connection between the account of the childuser and the account of the purported parent user.
 17. The system ofclaim 16, wherein the instructions further cause the processor to:automatically notify the purported parent user about types ofcommunications received by the child user in the social networkingsystem, wherein the types of communications are specified by theadministrative settings.
 18. The system of claim 16 wherein theinstructions further cause the processor to: notify the purported parentuser of a request to connect to an additional user of the socialnetworking system sent by the child user.
 19. The system of claim 16,wherein the instructions further cause the processor to: transmit, tothe purported parent user, descriptions of updates to the account of thechild user.
 20. The system of claim 16, wherein the instructions furthercause the processor to: responsive to determining that the parent-childrelationship exists between the purported parent user and the childuser, prompt the purported parent user to provide administrativesettings regulating actions of the child user in the social networkingsystem; receive, from the purported parent user, administrative settingsregulating connection request actions of the child user in the socialnetworking system; and manage actions by the child user in socialnetworking system based on the administrative settings received from thepurported parent user.
 21. A non-transitory computer readable mediumconfigured to store instructions, the instructions when executed by aprocessor cause the processor to: receive, at a social networking systemfrom a first client device of a purported parent user having an accountin the social networking system, a request to regulate actions of achild having an account in the social networking system that isaccessible via a second client device of the child user, the child userhaving an age that is less than a threshold age; access informationassociated with the account in the social networking system of thepurported parent user and accessing information associated with theaccount in the social networking system of the child user; determinewhether a parent-child relationship exists between the purported parentuser and the child user based on (1) the information associated with theaccount of the purported parent user and (2) the information associatedwith the account of the child user; responsive to determining anexistence of a parent-child relationship between the purported parentuser and the child user, determine whether the account of the purportedparent user is connected to the account of the child user; andresponsive to determining that the account of the purported parent useris not connected to the account of the child user, automaticallyestablish a connection in the social networking system between theaccount of the child user and the account of the purported parent user,the established connection having a connection type indicating aparent-child relationship, wherein the child user is prevented fromunilaterally terminating the established connection between the accountof the child user and the account of the purported parent user.
 22. Thenon-transitory computer readable medium of claim 21, wherein theinstructions further cause the processor to: automatically notify thepurported parent user about types of communications received by thechild user in the social networking system, wherein the types ofcommunications are specified by the administrative settings.
 23. Thenon-transitory computer readable medium of claim 21 wherein theinstructions further cause the processor to: notify the purported parentuser of a request to connect to an additional user of the socialnetworking system sent by the child user.
 24. The non-transitorycomputer readable medium of claim 21, wherein the instructions furthercause the processor to: transmit, to the purported parent user,descriptions of updates to the account of the child user.
 25. Thenon-transitory computer readable medium of claim 21, wherein theinstructions further cause the processor to: responsive to determiningthat the parent-child relationship exists between the purported parentuser and the child user, prompt the purported parent user to provideadministrative settings regulating actions of the child user in thesocial networking system; receive, from the purported parent user,administrative settings regulating connection request actions of thechild user in the social networking system; and manage actions by thechild user in social networking system based on the administrativesettings received from the purported parent user.
 26. Thecomputer-implemented method of claim 1, wherein the first client deviceand second client device are the same device.
 27. Thecomputer-implemented method of claim 1, wherein the automaticallyestablishing a connection in the social networking system between theaccount of the child user and the account of the purported parent usercomprises creating an edge between the child user and the purportedparent user in the social networking system, the child user and thepurported parent user each having a plurality of edges connecting themto other users of the social networking system.
 28. Thecomputer-implemented method off claim 1, wherein determining whether aparent-child relationship exists between the purported parent user andthe child user further comprises leveraging a plurality of socialsignals indicating the existence of the parent-child relationshipincluding information derived from connections of the purported parentuser or the child user.
 29. The computer-implemented method off claim 1,wherein determining whether a parent-child relationship exists betweenthe purported parent user and the child user further comprises analyzingone or more pictures in which the child user and the purported parentuser are tagged to determine the relationship between the purportedparent user and the child user.